6 updates You Need to Know about LGPD in 2022
There have been updates regarding the LGPD. Learn what is new on the Brazilian Data Protection Law here.
The new LGPD - Lei Geral de Proteção de Dados (General Personal Data Protection Law) is establishing a new milestone in the relationship and treatment of information between companies and consumers in Brazil. In practice, the LGPD regulates the use and processing of personal data by the private sector and the public authorities, in order to prevent leaks and misuse.
In 2022 there have been some law adjustments and events that had an impact on the personal and corporate environment. Find out below three significant changes and three recent news about LGPD in 2022 so far.
1. Important LGPD updates for SMEs
On January 27, 2022, the ANPD (Autoridade Nacional de Proteção de Dados/National Data Protection Authority) published Resolution No. 2 in adequacy and compliance with the new rules of the LGPD. The main changes for these companies are:
- Simplified Model for Recording Treatment Operations (Inventory)
- Simplified procedure for reporting security incidents, with specific regulations to be published by the ANPD;
- The non-compulsory appointment of a person as a DPO for SMEs must maintain a communication channel for the exercise of clients' rights.
- Possibility of simplifying the Information Security Policy, containing only the essential items for the protection of personal data against incidents or violations;
- Greater time to respond to requests from data subjects and carry out communications in the event of security incidents.
Such changes aim at a broader adoption of the LGPD principles by SMEs in Brazil. Currently, 7 over 10 SMEs in Brazil still have not fully adopted these principles, so there it lies the importance of these changes by ANPD.
2. Government edits MP that transforms ANPD into a special authority
It has been published in the Federal Official Gazette (MP 1124/2022) a regulation that transforms the National Data Protection Authority (ANPD) into a special authority. This change aims to give more independence to the ANPD, which until then was formally subordinated to the Federal Government.
The ANPD hopes that with the new status it will also be easier for its operations, as well as for international cooperation, where the Brazilian government aims for an OCDE spot.
3. The LGPD is now an integral part of the fundamental right of Brazilians
The National Congress enacted on 02/10/2022 the proposal for an Amendment to the Constitution (PEC) that includes the protection of personal data among the fundamental rights of the citizen. The text then becomes valid and part of the Constitution. It is included in the article dealing with individual and collective rights, a new section that says that "the right to protection of personal data, including in digital media, is ensured, under the terms of the law". The inclusion makes the protection of personal data a solid clause – which means that any change in this theme will have to be in the sense of expanding and protecting rights.
Another curious fact: users and customers do not differentiate between public and private companies when it comes to the data policy. A survey by the Capterra group sought to investigate whether people/users would feel more motivated to share data with private or public companies. The results between private and public companies had very little variation, which did not indicate that there was more confidence in one or another type of company.
4. Demand for compliance with LGPD grows 554% in the corporate environment, says survey
The survey 'Biannual Report on Data Governance' by legaltech Seusdados found that in 2021 a 554% increase in demands for data protection solutions in the corporate market, a considerable leap compared to 2020.
“Not having permanent compliance with data protection among the top three priorities of your business plan for the next five years, is taking the risk of not taking an effective drug to cure a terminal illness” - Marcelo Fattori
5. Eight out of 10 Brazilian companies predict an increase in cybersecurity investment in 2022
According to a survey by the Global Digital Trust Insights Survey 2022, 83% of Brazilian companies predict growth in cybersecurity spending in 2022 - a higher percentage than the world's expectation which is around 70%. In addition, 36% of companies in Brazil are looking to increase their cyber budget by between 6% and 10%. Already 33% predict a rise of 15% or more. This reflects a shift in the corporate mindset in caring for data.
6. Sensitive data requires prior consent
With the implementation of the LGPD, companies - even SMEs (see legislation update in 2022) need to comply with the use and treatment of their customers'/users' data. In the case of sensitive data, it is only possible to process it if it has the explicit consent of the owner of the information.
Knowing how to categorize and differentiate the handling and sensitivity of data types is crucial for compliance with the LGPD. To this end, an effective way is through the use of cybersecurity software and solutions, which enable compliance with current legislation, prevent leaks, and explain the necessary information to the consumer.
Learn more about Secure Privacy's Cookie Compliance Solution
You can sign up for your free trial of our complete LGPD compliance solution .
This article keeps track of the new CPRA regulations passed by the California AG. In the first part, we’ll briefly overview the existing regulations. The proposed regulations follow. Finally, we’ll provide a brief overview of all the regulations that could be expected in the next few years.
The Data Protection and Digital Information Bill: Data Privacy Reform in the UK Government
The introduction of Bill 143 to the House of Commons on July 18, 2022, follows the UK Government’s consultation in September 2021. The consultation detailed the UK Government’s proposed reforms to the UK’s data protection regime following Brexit and is a big step towards achieving the planned reform of the UK's data protection framework, with many significant proposed changes for companies to be aware of. To get started, here are some key provisions to consider about this new data protection legislation.
CPRA Guide | Full Text Summary
If you need to comply with the CCPA, you must also comply with the California Privacy Rights Act (CPRA). Here we have the full text of the CPRA. California legislature bodies have written it in legalese, of course, but we added notes at the beginning of each section to help you understand what that specific section is about.